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DETAILED ACTION 

1 . This communication is responsive to the communication filed on 03/24/2008. 

2. Claims 1-1 1 are pending. 



Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 



5. Claims 1 and 2 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Fijoleketal. (US Patent 6,510,162) in view of Fijolek etal. ( US Patent 6,577,642) 
and in further view of Casey (US Patent 6,493,349). 



With regard to claim 1, Fijolek et al. discloses having an apparatus for routing 
packets from a first network node to a second network node in a data network, Fijolek et 
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al. discloses having a cable modem termination system 12 in fig .1 in a cable network 
that is routing data from a from a cable modem ("first network node" back to a cable 
modem ("second network node ", fig. 5). 

comprising: means for assigning and the sending first node identifier (ID) to the 
first node, wherein the first node ID uniquely identifies the first node: means for 
mapping the assigned first node ID with at least on VPN, wherein the first node ID is 
assigned, sent and mapped by an entity other than the first node; Fijolek et al. '162 
discloses having a cable modem termination system 12 in fig. 1 that assigns service 
identifiers (SIDs" ID") to CM (cable modems, "first node" column 15 line 17-18). 
However, Fijolek et al. '162 does not discloses having the means for mapping the 
assigned ID with at least on VPN, wherein the ID is assigned, sent and mapped by an 
entity other than the first node. Fijolek et al. '642 discloses having method and system 
for virtual network administration with data-over cable system ( tile). Fijolek et al. '642 
further discloses first networking devices includes a virtual network tag (" mapping at 
least on VPN") and a network address( "first node ID", column 28 line 22-43). However, 
Fijolek et al. '642 does not discloses mapping between the first node ID and the least 
one VPN. Casey discloses having extended Internet protocol virtual private network 
architectures ( titles).., also assigning a VPN (ID) to a first router ( "first node") linking 
("mapping") VPN. ..VPN assigned and linked second router ("entity other than first 
node", column 2 line 10-18). 
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Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system 12 
(CMTS) as taught by Fijolek et al. '162 associating a first networking devices with a 
virtual network tag (" mapping at least on VPN") and a network address ( "first node ID") 
Fijolek et al. '642 linking a VPN identifier to a first router as taught by Casey to provide 
a more scalable VPN infrastructure. 

means for receiving a packet from the first node, said packet from the first node, said 
packet including the first node ID, and including routing information for routing said 
packet to a destination address associated with said second node; Fijolek et al. 
discloses having a packet format for a incoming packet being received form a CM 
(cable modem, column 15 table 9 and 10 line 25-67). 

means for examining the packet to identify the first node ID of the first node; Fijolek et 
al. discloses the cable modem termination system 12 (CMTS) have the means of 
examining incoming packets with service identifiers (SID, column 15 line10-67). 
and means for using said first node ID, routing information and the mapping between 
the first node ID and the least one VPN to determine whether said first node is 
associated with at least one VPN. Fijolek et al. discloses having a unique service 
identifier (SID) corresponding to a cable modem (CM) and the SID and routing 
information transmitted in a packet. However, Fijolek et al. does not disclose first node 
is associated with at least one VPN. Fijolek et al. '642 discloses having method and 
system for virtual network administration with data-over cable system ( tile). Fijolek et 
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al. '642 further discloses first networking devices includes a virtual network tag (" 
mapping at least on VPN") and a network address( "first node ID", column 28 line 22- 
43). However, Fijolek et al. '642 does not discloses mapping between the first node ID 
and the least one VPN. Casey discloses having a VPN identifier being linked to a first 
router ( column 2 line 10-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system 12 
(CMTS) assigning a unique identifier SID within a packet as taught by Fijolek et al. '162 
associating afirst networking devices with a virtual network tag (" mapping at least on 
VPN") and a network address ( "first node ID") Fijolek et al. '642 linking a VPN 
identifier to a first router as taught by Casey to provide a more scalable VPN 
infrastructure. 

With regard to claim 2, in combination Fijolek et al. '162 , Fijolek et al. '642 and 
Casey teaches the apparatus recited in claim 1 .Further comprising means for routing 
the packet to the second node. Fijolek et al. discloses in fig. 1 that the cable modem 
termination system 12 (CMTS) has the means to transmit a packet to a second CM 
(cable modem, "second node"). 
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6. Claims 5 and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable 
Over Fijolek et al. (US Patent 6,577,642) in view of f Rosen et al. ("BGP/MPLS VPNs' 0 
1999) and Casey (US Patent 6,493,349). 

With regard to claim 5, Fijolek et al. discloses an apparatus for. associating 
nodes in a data network with at least one virtual private network (VPN), the data 
network including an access network having at least one Head End device and a 
plurality Of nodes, the access network further including at least one shared access 
channel utilized by a first and a second node of the plurality of nodes to communicate 
with the Head End device, Fijolek et al. discloses having a cable modem termination 
system 12 in fig 1 located in a head end of cable system 26 ( fig. 1). It is conventional 
that a cable modem termination system can operate as point-to-point or point-to- 
multipoint and that the cable modem are bi-directionally communicating with the head 
end. Fijolek et al. discloses having a virtual networking administration in a data-over- 
cable-system 10 using a network address and the first virtual networking tag stored in a 
virtual networking table associated with the second network device to provide selected 
first network devices a desired networking service on a virtual network via the data- 
over-cable-system (column 28 line 34-43). 

Fijolek et al. does not discloses said apparatus comprising: means for determining 
whether said first node is a member of at least one VPN; Rosen et al. discloses having 
a method in which a service provider with an IP backbone may provide VPNs (Virtual 
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Private Networks) for its customers with MPLS (Multiprotocol Label Switching) is used 
for forwarding packets over the backbone (Abstract). It is inferred that this mechanism 
can be implemented in the head end of a cable system 26. Rosen et al. further 
discloses assigning packets to a particular site ( page 7 line 12-1 3). ..also a packet's 
destination address, is matched against a VPN-lpv4 route ("page 8 line 49-51). It is 
inferred that the packets contains the information of the device or node from which it 
came from. 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a virtual networking administration in a data- 
over-cable-system 10 9 column 28 line i8-19) as taught by Fijolek et al. matching a 
destination address against a VPN-lpv4 route as taught by Rosen to provide a 
mechanism that will transmit packets to a specific VPN. 

the means for if it is determined that said first node is a member of at least one VPN, 
assigning and then sending an identifier ( ID ) to the first node and binding the ID of said 
first node with said VPN to thereby cause said first node to be associated with said 
VPN, wherein the ID is assigned, sent and then bound by an entity other than the first 
node, wherein the ID uniquely identifies the first node . Fijoleket al. discloses having a 
cable modem termination system 12 in fig. 1 that assigns service identifiers (SIDs) to 
CM (cable modems, column 15 line 17-18). Fijoleket al. further discloses having 
method and system for virtual network administration with data-over cable system ( tile). 
In addition, Fijolek et al. discloses first networking devices includes a virtual network 
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tag (" mapping at least on VPN") and a network address( "first node ID", column 28 line 
22-43). However, Fijolek et al. does not discloses mapping between the first node ID 
and the least one VPN. Casey discloses having extended Internet protocol virtual 
private network architectures ( titles).., also assigning a VPN (ID) to a first router ( "first 
node") linking ("mapping") VPN. ..VPN assigned and linked second router ("entity other 
than first node", column 2 line 10-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system 12 
(CMTS) associating a first networking devices with a virtual network tag (" mapping at 
least on VPN") and a network address ( "first node ID") Fijolek et al. incorporating 
linking a VPN identifier to a first router as taught by Casey to provide a more scalable 
VPN infrastructure. 

With regard to claim 6, in combination Fijoleck et al. and Casey teaches the 
apparatus recited in claim 5. further including means for mapping a particular sub- 
interface of the Head End to said particular VPNo Fijoleck et al. discloses having a head 
end of cable system in fig. 1 . Fijoleck et al. further discloses having a virtual networking 
administration in a data-over-cable-system 10 using a network address and the first 
virtual networking tag stored in a virtual networking table associated with the second 
network device to provide selected first network devices a desired networking service 
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on a virtual network via the data-over-cable-system ( column 28 line 34-43). However, 
Fijoleck et al. does not disclose means for mapping a particular sub-interface of the 
Head End to said particular VPN. Rosen et al. discloses having a method in which a 
service provider with a IP backbone may provide VPNs (Virtual Private Networks) for its 
customers with MPLS (Multiprotocol Label Switching) is used for forwarding packets 
over the backbone (Abstract). Rosen et al. discloses that one could divide the interface 
into multiple "sub-interfaces"... and assign the packets to a VPN based on the on the 
sub-interface over which it arrives (page 7 paragraph 3.1 line 11-17). 1 1 is inferred that 
this mechanism can be implemented in the head end of the data-over-cable-system and 
that the head end also can limited to a particular VPN. 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a virtual networking administration in a data- 
over-cable-system 10 as taught by Fijolek et al. assign the packets to a VPN based on 
the on the sub-interface over which it arrives as taught by Rosen et al. to provide a 
mechanism that will restrict packets access into VPNs that are not assigned to the 
packet. 

7. Claims 7-9 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Fijolek et al. (US Patent 6,577,642) and Rosen et al. ("BGP/MPLS VPNs" 1999) 
and Casey (US Patent 6,493,349) as applied to claim 5 above, and further in view of 
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Gilbrech (US Patent 6,173,399 ). 



Page 10 



With regard to claim 7, in combination Fijolek et al. and Casey teaches the 
apparatus recited in claim 5. further comprising: means for receiving at said Head End 
device a packet from said first node, said packet including a destination address 
corresponding to a second node in the network, Fijolek et al. discloses having a head 
end of a cable system 26 in fig. I which has the means to send and receive packets from 
cable modems.., such configurations may be "one-to-one", "one-to-many" or "many-to- 
many" (column 7 line 20-38). Fijolek et al. further discloses having means for examining 
said packet to identify the ID of said first node; Fijolek et al. discloses the cable modem 
termination system 12 (CMTS) have the means of examining incoming packets with 
service identifiers (SID, column 15 line10-67). and means for using said ID at said Head 
End device to determine whether said first node is a member of at least one VPN. 
Fijoleck et al. discloses having a cable modem termination system 12a-c... also Fijoleck 
et al discloses a cable television network headend is a central location ( column 4 line 
33-34). However, Fijoleck et al. does not disclose first node is a member of at least one 
VPN. Gilbrech discloses having a VPN unit processing packet by examining the source 
and destination address of the packet. Gibrech ful:ther discloses the VPN unit 
moderates data communication between members of a defined VPN group (column 2 
line 45-48)... the VPN unit maintains a lookup table identifying members of a specific 
virtual private network groups. It is inferred that the VPN unit keeps record of an 
identifier of member in a table and each identifier is link to a virtual private network 
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groups. 



With regard to claim 8, in combination Fijoleck et al., Casey, Rosen et al. and 
Gilrech teaches the apparatus recited in claim 7. Further comprising: means for if it is 
determined that said first node is a member of a first VPN, determining at said Head 
End device whether the destination address of said packet is within said first VPN. 
Fijoleck et al. discloses having a head end of a cable system 26 with a cable modem 
termination system 12 in fig. 1. Fijoleck et al. further discloses having a virtual 
networking administration in a data-over-cable-system 10 (column 28 line 18-19). 
However, Fijoleck et al. does not discloses that the first node is a member of a first 
VPN, determining at said Head End device whether the destination address of said 
packet is within said first VPN. Rosen et al. discloses having a method in which a 
service provider with an IP backbone may provide VPNs (Virtual Private Networks) for 
its customers with MPLS (Multiprotocol Label Switching) is used for forwarding packets 
over the backbone (Abstract). It is inferred that this mechanism can be implemented in 
the head end of a cable system 26. Rosen et al. further discloses when a packets 
destination address is matched against a VPN-IPv4 route (page 8 line 49-51). 
Therefore it would have been obvious to one having ordinary skill in the art at the time 
of the invention was made to have a virtual networking administration in a data- over- 
cable-system 10 as taught by Fijolek et al. matching packets destination address 
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against a VPN-IPv4 route (VPN) as taught by Rosen et al. to provide a mechanism that 
will restrict packets from entering in VPNs that they are not associated with. 

With regard to claim 9, in combination Fijoleck et al., Casey, Rosen et al. and 
Gilrech teaches the apparatus recited in claim 7.further comprising means for routing 
the packet to the second node. Fijoleck et at. discloses having a having a head end of a 
cable system 26 with a cable modem termination system 12 in fig. 1 routing packets to a 
cable modem.., the system configurations may be "one-to-one", "one-to-many" or 
"many-to- many"( column 7 line 20-38 and fig. 1 ). It is inferred that the head end have 
the capability to route packets to other cable modems in the network. 
Therefore it would have been obvious to one having ordinary skill in the art at the time 
of the invention was made to have a to a cable modem termination system 12 (CMTS) 
assigning a unique identifier SID within a packet as taught by Fijolek et al. being 
examined a VPN unit that associates identifying members with a virtual private network 
groups as taught by Gilbrech to provide a more secure cable network. 

8. Claims 10 and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Fijoleck et al. (US Patent 6,577,642) in view of Casey (US Patent 6,493,349) and 
Rosen ( "BGP/MPLS VPNs", 1999). 
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With regard to claim 10, Fijoleck et al. discloses having a apparatus for 
configuring a Head End of an access network to route packets from a first node to a 
second node in the access network, Fijolek et al. discloses having a cable modem 
termination system 12 in fig 1 located in a head end of cable system 26 ( fig. 1 ). the 
apparatus comprising: means for associating particular network nodes on the, access 
network with a first virtual private network (VPN) ; Fijoleck et al. further discloses having 
a virtual networking administration in a data-over-cable-system 10 (column 28 line 18- 
19). 

the means for assigning and then sending to the first node an identifier ( ID), 
wherein the ID is assigned and sent to the first node by an entity other than the first 
node, wherein the ID uniquely identifies the first node : Fijolek et al. discloses having a 
cable modem termination system 12 in fig. 1 that assigns service identifiers (SIDs) to 
CM (cable modems, column 1 5 line 1 7-18). However, Fijolek et al. means for mapping 
the assigned ID with at least on VPN, wherein the ID is assigned, sent and mapped by 
an entity other than the first node. Casey discloses having extended Internet protocol 
virtual private network architectures ( titles).., also assigning a VPN (ID) to a first router ( 
"first node") linking ("mapping") VPN. ..VPN assigned and linked second router ("entity 
other than first node", column 2 line 10-18). 
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Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system. 12 
(CMTS) as taught by Fijolek et al. along with a VPN ID assigned, sent, linked to first 
router and second router as taught Casey to provide a more scalable VPN 
infrastructure. 

the means for associating the assigned ID with the first VPN to thereby cause the 
first node to be associated with the first VPN, wherein the assigned ID is associated by 
the entity other than the first node. Fijoleck et al. (6,577,642) discloses having a cable 
modem termination system 12 in fig. 1 that assigns service identifiers (SIDs) to CM 
(cable modems, column 15 line 17-18). However, Fijolek et al. means for mapping the 
assi.qned ID with at least on VPN, wherein the ID is assigned, sent and mapped by an 
entity other than the first node. Casey discloses having extended Internet protocol 
virtual private network architectures ( titles).. .also assigning a VPN (ID) to a first router 

( "first node") linking ("mapping") VPN. ..VPN assigned and linked second router ("entity 
other than first node", column 2 line 10-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the time 
of the invention was made to have a to a cable modem termination system 12 (CMTS) 
as taught by Fijolek et al. along with a VPN ID assigned, sent, linked to first router and 
second router as taught Casey to provide a more scalable VPN infrastructure. 
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With regard to claim 11, in combination Fijoleck et al., Rosen et al. and Casey 
teaches the apparatus recited in claim 10.further means for including mapping a 
particular sub- interface of the Head End to the first VPN. Fijoleck et al. discloses having 
a head end of a cable system 26 in fig. 1 . Fijolek et al. further disclose having a virtual 
network administration in a data-over-cable-system (column 28 line 18-19). However, 
Fijoleck et al. does not disclose means for including mapping a particular sub-interface 
of the Head End to the first VPN. Rosen et al. discloses that one could divide the 
interface into multiple "sub-interfaces"... and assign the packets to a VPN based on the 
on the sub-interface over which it arrives (page 7 paragraph 3.1 line 1 1-17).1t is inferred 
that this mechanism can be implemented in the head end of the data-over- cable- 
system and that the head end also can limited to a particular VPN. 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a virtual networking administration in a data- 
over-cable-system 10 as taught by Fijolek et al. assign the packets to a VPN based on 
the on the sub-interface over which it arrives as taught by Rosen et al. to provide a 
mechanism that will restrict packets access into VPNs that are not assigned to the 
packet. 
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Allowable Subject Matter 

9. Claim 3 and 4 would be allowable if rewritten or amended to overcome the 
rejection(s) under 35 U.S.C. 112, 2nd paragraph, set forth in this Office action. 

Prior Art 

10. The prior art made record and not relied upon is considered pertinent to 
applicant's disclosure: 

Jagannath et al. ( US Patent 7,095,740) discloses having a method and apparatus for 
virtual overlay networks. 

Le Goff et al. ( US Patent 6,438,127) discloses having a process and apparatus for the 
operation of virtual private networks on a common data packet communication network. 
Fox et al. (" Virtual Private Networks Identifier" RFC 2685, September 1999) discloses 
having using a Virtual Private Networks Identifier. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DeWanda Samuel whose telephone number is (571) 
270-1213. The examiner can normally be reached on Monday- Thursday 8:30-5:30 
EST. 



Application/Control Number: 10/758,434 Page 17 

Art Unit: 2616 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ricky Q. Ngo can be reached on (571) 272-3139. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Ricky Ngo/ 

Supervisory Patent Examiner, Art 
Unit 2616 

/DeWanda Samuel/ 
Examiner, Art Unit 2616 
5/13/2008 



